Hi,
I have an SRX 240 with JUNOS 12.1X46-D40.2 on board.
I need to create a GRE tunnel with a Cisco ISR 1841.
GRE interface:
gr-0/0/0 {
    unit 0 {
        tunnel {
            source 11.12.13.14;
            destination 21.22.23.24;
        }
        family inet {
            address 10.170.171.2/30;
        }
    }
}
To simplify testing, I put interface gr-0/0/0.0 in the untrust security zone.
# show security zones security-zone untrust interfaces
ge-0/0/0.0 {
    host-inbound-traffic {
        system-services {
            ping;
            ssh;
        }
    }
}
ge-0/0/1.0 {
    host-inbound-traffic {
        system-services {
            ping;
            ssh;
            traceroute;
        }
    }
}
vlan.200 {
    host-inbound-traffic {
        system-services {
            ssh;
            ping;
        }
    }
}
gr-0/0/0.0 {
    host-inbound-traffic {
        system-services {
            all;
        }
    }
}
Policy in the untrust security zone:
# show security policies from-zone untrust to-zone untrust
policy BETWEEN_UNTRUST_IFACES {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit;
    }
}
Cisco interface config:
interface Tunnel150
 ip address 10.170.171.1 255.255.255.252
 tunnel source 21.22.23.24
 tunnel destination 11.12.13.14
end
When I ping 10.170.171.2 (SRX) from the Cisco (10.170.171.1), on the SRX device:
> show security flow session source-prefix 10.170.171.1
Session ID: 37192, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 10.170.171.1/3 --> 10.170.171.2/684;icmp, If: gr-0/0/0.0, Pkts: 1, Bytes: 100
  Out: 10.170.171.2/684 --> 10.170.171.1/3;icmp, If: .local..0, Pkts: 1, Bytes: 100
Total sessions: 1
When I ping from the SRX to the Cisco, the packet counter on the tunnel interface does not increase.
SRX Interface status:
> show interfaces gr-0/0/0.0
  Logical interface gr-0/0/0.0 (Index 91) (SNMP ifIndex 547)
    Flags: Point-To-Point SNMP-Traps 0x0 IP-Header 21.22.23.24:11.12.13.14:47:df:64:0000000000000000 Encapsulation: GRE-NULL
    Gre keepalives configured: Off, Gre keepalives adjacency state: down
    Input packets : 162
    Output packets: 163
    Security: Zone: untrust
    Allowed host-inbound traffic : bootp dns dhcp finger ftp tftp ident-reset http https ike netconf ping reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip r2cp
    Protocol inet, MTU: 1476
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 10.170.171.0/30, Local: 10.170.171.2, Broadcast: 10.170.171.3
I also have an SRX100 with JUNOS Software Release [10.4R6.5]. An identical (except for IP addresses) GRE config works fine with the same Cisco router.
How can I troubleshoot this case more deeply?
Thanks.